Recently, Emerson’s Fisher Control Valve and Regulators division announced that several lines of control valves received SIL 3 certification for on/off operation per the IEC 61508 international safety standard. Safety valves with digital valve controllers have been certified for many years, but these are the first control valves to achieve this independent third-party certification. Up to this point, the prior use methodology has been required to demonstrate the control valves are “proven in use” for safety applications.
I caught up with Andy Evans, a product manager in Fisher’s European operations. Andy shared with me the motives behind pursuing this certification:
…the architectural constraints in IEC 61508 state that a final element needs a Safe Failure Fraction of greater than 60% to be used in a SIL 2 loop as a single device. The generic data, which was being used prior to having specific FMEDA (Failure Modes, Effects, and Diagnostic Analysis), was less than 60%.
Andy also noted that process manufacturers were increasingly requesting the certification given the efforts required with the “prior use” approach. The team decided to pursue certification for the Fisher GX, Vee-ball, easy-e and HP valve families.
The valve technology organization worked with the third-party safety professionals, Exida. They followed the basic process outlined in the IEC 61508 standard. The team went through an initial documentation plan including verification and validation (V&V) followed by the detailed writing of the safety requirement specifications (SRS). These activities completed the analysis phase of the safety lifecycle.
They went through the FMEDA for the mechanical portions of the actuators and valve bodies based on their physical properties and field experience. This analysis looks at the effect of each component in the valve failing in its worst possible way and then categorizes that failure.
Exida has a database of frequency of failure for each type of component. These failures are categorized as safe or dangerous (dangerous meaning the failure stops the valve from moving to its safe state) and as detected or undetected.
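The roll-up described above can be sketched in a few lines. This is an added example, not code or data from Fisher or Exida: every row and failure rate is constructed, the two data sets only illustrate the generic-versus-specific contrast, and the standard definition of Safe Failure Fraction (safe plus dangerous-detected failures over all failures) is checked against the 60% figure quoted earlier.

```python
# Added example: FMEDA roll-up and Safe Failure Fraction (SFF) check.
# All rows are constructed sample data, not Fisher or Exida figures.
# Rates are in FIT (failures per 1e9 hours).

# (component, failure mode, rate_fit, effect, detected)
GENERIC_ROWS = [
    ("actuator spring", "fracture", 40, "dangerous", False),
    ("stem and packing", "seizure", 300, "dangerous", False),
    ("valve plug", "stuck in position", 160, "dangerous", False),
    ("actuator seal", "slow leak", 50, "dangerous", True),
    ("actuator diaphragm", "rupture", 250, "safe", False),
    ("tubing", "leak", 150, "safe", False),
]
SPECIFIC_ROWS = [
    ("actuator spring", "fracture", 20, "dangerous", False),
    ("stem and packing", "seizure", 120, "dangerous", False),
    ("valve plug", "stuck in position", 60, "dangerous", False),
    ("actuator seal", "slow leak", 50, "dangerous", True),
    ("actuator diaphragm", "rupture", 250, "safe", False),
    ("tubing", "leak", 150, "safe", False),
]

def rollup(rows):
    """Sum failure rates into the four categories SD, SU, DD, DU."""
    totals = {"SD": 0.0, "SU": 0.0, "DD": 0.0, "DU": 0.0}
    for component, mode, rate, effect, detected in rows:
        if rate < 0 or effect not in ("safe", "dangerous"):
            raise ValueError(f"bad FMEDA row: {component} / {mode}")
        key = ("S" if effect == "safe" else "D") + ("D" if detected else "U")
        totals[key] += rate
    return totals

def sff(totals):
    """SFF = (safe + dangerous detected) / all failures."""
    total = sum(totals.values())
    if total == 0:
        raise ValueError("no failure rates to evaluate")
    return (totals["SD"] + totals["SU"] + totals["DD"]) / total

def meets_threshold(rows, threshold=0.60):
    """True when SFF is greater than the 60% figure quoted above."""
    return sff(rollup(rows)) > threshold

if __name__ == "__main__":
    for name, rows in (("generic", GENERIC_ROWS), ("specific", SPECIFIC_ROWS)):
        print(name, rollup(rows), f"SFF={sff(rollup(rows)):.1%}", meets_threshold(rows))
```

Only the dangerous undetected rate counts against the fraction, which is why the lower constructed rates for the dangerous undetected modes in the second data set move the result across the threshold.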
After the FMEDA analysis was performed, functional tests (integral), conceptual design, and detailed design assessments were done.
The final steps on the path to certification were a thorough evaluation of the engineering development process and documentation assessment for design modifications, change request processes and impact analyses.
Having these control valves certified for up to SIL 3 safety instrumented functions gives process manufacturers great flexibility in the selection of final control elements for their IEC 61511 safety compliance efforts.